[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7a71215c-58f4-081b-6a2e-030073f2737e@digikod.net>
Date: Wed, 3 Nov 2021 13:17:19 +0100
From: Mickaël Salaün <mic@...ikod.net>
To: Austin Kim <austindh.kim@...il.com>, serge@...lyn.com
Cc: linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] landlock: Initialize kernel stack variables properly
Hi Austin,
On 03/11/2021 08:14, Austin Kim wrote:
> In case kernel stack variables are not initialized properly, there might
> be a little chance of kernel information disclosure. So it is better for
> kernel stack variables to be initialized with null characters.
>
> Signed-off-by: Austin Kim <austindh.kim@...il.com>
> ---
> security/landlock/syscalls.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c
> index 32396962f04d..50a6f7091428 100644
> --- a/security/landlock/syscalls.c
> +++ b/security/landlock/syscalls.c
> @@ -320,6 +320,8 @@ SYSCALL_DEFINE4(landlock_add_rule,
> if (rule_type != LANDLOCK_RULE_PATH_BENEATH)
> return -EINVAL;
>
> + memset(&path_beneath_attr, 0, sizeof(path_beneath_attr));
> +
This memset is already done with the copy_from_user() call just below.
> /* Copies raw user space buffer, only one type for now. */
> res = copy_from_user(&path_beneath_attr, rule_attr,
> sizeof(path_beneath_attr));
>
Powered by blists - more mailing lists